2 B. Modified Function Without violating the security requirements, CAST-128 function F can be modified[7] as follows: Table II Effect for one bit change in Key 1,4,7,10,13,16 2,5,8,11,14 I = ((Km i + R i-1 ) <<< Kr i ) F = (S 1 [I a ] ^ S 2 [I b ]) (S 3 [I c ] + S 4 [I d ]) I = ((Km i ^ R i-1 ) <<< Kr i ) F = (S 1 [I a ] - S 2 [I b ]) + (S 3 [I c ] ^ S 4 [I d ]) rounds pairs plaintext samples Original Modified the both s give same 3,6,9,12,15 I = ((Km i - R i-1 ) <<< Kr i ) F = (S 1 [I a ] + S 2 [I b ]) ^ (S 3 [I c ] - S 4 [I d ]) Note that the first and third operations function F can be performed in parallel. For example, in round 1, F = (S 1 [I a ] ^ S 2 [I b ]) (S 3 [I c ]+ S 4 [I d ]) in which operations ^ and + can be done in parallel and the results those two operations can be used to perform operation. In [7] we have shown that this modification leads to 20% improvement in the exection time function F. Now we will show that the above modification to the function does not violate the security the when compared to that original. For this, we will make use avalanche effect, encryption quality, key sensitivity test and statistical analysis. II. AVALANCHE EFFECT We have used effect[1], [2] to show that the modified also possesses good diffusion characteristics as that original. We have taken pairs plaintexts with each pair differing only by one bit. We have encrypted them first by using the original and then by using modified one. For both the s same key (K1) is used which is selected arbitrarily. We have counted the number original avalanche, the number the modified avalanche and the number both s give same avalanche. Tabulation results observed by changing one bit plaintext in the samples for rounds 2, 4, 6, 8, 10, 12, 14 and 16 original and modified s is as shown in table I. Table I Effect for one bit change in Plaintext rounds pairs plaintext samples Original Modified both s give same We have carried out similar tests by changing one bit in the key and using set plaintext samples. First we encrypted these plaintexts with a key using both the s. Then just by changing the key by one bit chosen randomly the same set plaintexts is encrypted using both the s. We have observed the change in the number bits. The results are tabulated as shown in table II for different rounds. From the results, we can observe that both the s posses good avalanche properties. III. ENCRYPTION QUALITY ANALYSIS The quality image encryption[6],[11] may be determined as follows: Let F and F denote the original image (plainimage) and the encrypted image (cipherimage) respectively each size M*N pixels with L grey levels. F(x, y), F (x, y) ε {0,.., L 1} are the grey levels the images F and F at position (x, y) (0 x M 1, 0 y N 1). Let H L (F) denote the number occurrences each grey level L in the original image (plainimage) F. Similarly, H L (F ) denotes the number occurrences each grey level L in the encrypted image (cipherimage) F. The encryption quality represents the average number changes to each grey level L and is expressed mathematically as For all tests we have used two images Ape.bmp and Cart.bmp both size 512x512. The effect number rounds r on the encryption quality for CAST-128 and Modified CAST-128 is investigated. The encryption quality CAST-128 and modified CAST-128 is computed as a function number rounds (r) using Ape.bmp as plainimage and its corresponding encrypted 29

3 images. The results are tabulated for different rounds as shown in tables III. This procedure is repeated for another bitmap image Cart.bmp and the results are shown in table IV. Table III Encryption Qualities using Ape.bmp as Plainimage Encryption Quality (E.Q) CAST-128 and Modified CAST-128 r CAST-128 Algorithm type Modified CAST Above experiment is repeated for modified CAST % pixels differ from the image encrypted with K1(Fig. 4B) compared to the image encrypted with K2 (Fig. 4C). Fig. 4D shows the difference the two images. When we tried to decrypt images encrypted with K1 and K2 by using keys K2 and K1 respectively decryption completely failed as it has happened in original CAST-128 and the results are shown in 4E and 4F. Fig. 3A Plainimage Cart.bmp Fig. 3B Encrypted with Key K1 Table IV Encryption Qualities using Cart.bmp as Plainimage Encryption Quality (E.Q) CAST-128 and Modified CAST-128 Algorithm type r CAST-128 Modified CAST The above results show that modification done to the function does not degrade the quality encryption. IV. KEY SENSITIVITY TEST We have conducted key sensitivity test[6], [11] on the image Cart.bmp for original and modified CAST-128 s using the following 128 bit keys K1 and K2 where K2 is obtained by complementing one the 128 bits K1 which is selected randomly. The hexadecimal digits K1 and K2 which have this difference bit are shown in bold case. K1 = ADF278565E262AD1F5DEC94A0BF25B27 (Hex) K2 = ADF238565E262AD1F5DEC94A0BF25B27 (Hex) First the plainimage Cart.bmp (Fig. 3A) is encrypted with K1 using original CAST-128 and then by using K2. These cipher images are shown in Fig. 3B and 3C. Then we have counted the number pixels that differ in the encrypted images. The result is % pixels differ from the image encrypted with the key K2 from that encrypted with K1. The difference image shown in 3D confirms this. When we tried to decrypt the image which is encrypted with K1 using K2 (Fig. 3E), or vice-versa (Fig. 3F) no original information is revealed. Fig. 3C Encrypted with Key K2 Fig. 3D Difference 3B & 3C Fig. 3E Encrypted with Key K1 but Decrypted with K2 Fig. 3F Encrypted with Key K2 but Decrypted with K1 Fig. 3 Results Key Sensitivity Test for Original CAST-128 Algorithm Fig. 4A Plainimage Cart.bmp Fig. 4B Encrypted with Key K1 30

4 Fig. 4C Encrypted with Key K2 Fig. 4D Difference 4B & 4C Original (Ape.bmp) Fig. 4E Encrypted with Key K1 but Decrypted withk2 Fig. 4F Encrypted with Key K2 but Decrypted with K1 Fig.4 Results Key Sensitivity Test for Modified CAST-128 Algorithm The textures visible in the cipherimages the above tests is an indication appearance large area in the original image where pixel values rarely differ. It is the property block ciphers that for a given input there will be fixed ciphertext, which means as long as plaintext block repeats, ciphertext block also repeats. This can be avoided by using one the modes operation other than ECB mode. Fig. 5B Histogram for Original V. STATISTICAL ANALYSIS This is shown by a test on the histograms[6], [11] the enciphered images and on the correlations adjacent pixels in the ciphered image. A. Histograms Encrypted s We have selected Ape.bmp image as plainimage for histogram analysis. We have encrypted this image first by using original CAST-128 and then by using modified CAST-128. Then we have generated histograms for plainimage and its encrypted images. Fig. 5 shows the histograms for original image and its corresponding cipherimage obtained using original CAST-128. Fig. 6 shows histogram for cipherimage encrypted using modified CAST-128. From these figures we can see that the histogram the encrypted images is fairly uniform and is significantly different from that the original image. From the histogram we can also observe that there is a huge variation in the percentage number pixels with a certain grey scale value which is varying from 0 to 1%. For cipher images this percentage is almost constant. This shows that the number pixels with a certain grey scale value is almost same which is around 0.4% approximately. This is clearly shown in Fig. 5B, 5D and 6B. Fig. 5C Encrypted Ape.bmp Fig. 5D Histogram for Encrypted Fig. 5 Histograms for Plainimage and Cipherimage Original CAST-128 Algorithm Fig. 5A Fig. 6A Encrypted Ape.bmp 31

5 Fig. 7 Correlation Distribution Two Horizontally Adjacent Pixels for Plainimage Ape.bmp Fig. 6B Histogram for Encrypted Fig. 6 Results Histogram for Cipherimage Modified CAST-128 Algorithm B. Correlation Two Adjacent Pixels To determine the correlation between horizontally adjacent pixels[6], [11] in an image, the procedure is as follows: First, randomly select N pairs horizontally adjacent pixels from an image. Compute their correlation coefficient using the following formulae Fig.8 Correlation Distribution two Horizontally Adjacent Pixels for Cipherimage Ape.bmp Encrypted using Original CAST-128 Algorithm Fig. 9 Correlation Distribution two Horizontally Adjacent Pixels for Cipherimage Ape.bmp Encrypted using Modified CAST-128 Algorithm where x and y represent grey-scale values horizontally adjacent pixels in the image. E(x) represents the mean x values, D(x) represents the variance x values, cov(x,y) represents covariance x and y and r xy represents correlation coefficient. We have randomly selected 1200 pairs two adjacent pixels from the plainimage, Ape.bmp and the corresponding cipherimages encrypted using original and modified s. Then we have computed the correlation coefficient using the above equations. The correlation coefficient for plainimage was found to be For ciherimage which is encrypted using original CAST-128, it is and it is for image encrypted using modified CAST-128. Fig. 7, 8 and 9 show the correlation distribution two horizontally adjacent pixels for plainimage Ape.bmp and the encrypted images encrypted using original and modified CAST-128 s respectively. Imag e Nam e Ape. bmp Table V Correlation Coefficients for Ape.bmp, Cart.bmp and their Encrypted s Correlation Coefficient for Plainima ge Original CAST-128 Encrypte d with key K1 Encrypte d with key K2 differing by 1 bit from K1 Modified CAST-128 Encrypte d with key K1 Encrypted with key K2 differing by 1 bit from K Cart. bmp Table V the correlation coefficients for two bit map images Ape and Cart and their encrypted images using original and modified CAST-128 s. The correlation 32

6 coefficient values for plainimages are much larger than for that encrypted images in both cases. All the observations from the tests we conducted reveal a fact that the modified is at least as strong as original one. VI. CONCLUSION We have made an attempt to analyse the security original and modified versions CAST-128. We have also tried to demonstrate that the modification made to the function does not violate the security and is at least as strong as the original. For this purpose, we have used avalanche criterion, encryption quality, histogram analysis, key sensitivity test and correlation coefficient. REFERENCES [1] B. Schneier, "Applied Cryptography Protocols, s, and source code in C", John Wiley & Sons, Inc., New York, second edition, [2] William Stallings, Cryptography and Network Security, Third Edition, Pearson Education, [3] C.M. Adams, Constructing symmetric ciphers using the CAST design procedure, Designs, Codes, and Cryptography, Vol. 12, No. 3, November 1997, pp [4] Adams C, The CAST-128 Encryption Algorithm, RFC 2144, May [5] Harley R. Myler and Arthur R. Weeks, "The Pocket Handbook Processing Algorithms in C", Prentice-Hall, New Jersey, [6] Hossam El-din H. Ahmed, Hamdy M. Kalash, and Osama S. Farag Allah, Encryption Quality Analysis RC5 Block Cipher Algorithm for Digital s, Journal Optical Engineering, vol. 45, [7] Kishnamurthy G.N, Dr. V Ramaswamy, Performance Enhancement CAST-128 by modifying its function, Proceedings International Conference in CISSE 2007, University Bridgeport, Bridgeport, CT, USA. [8] Krishnamurthy G N, Dr. V Ramaswamy Encryption quality analysis and Security Evaluation Blow-CAST-Fish using digital images, Communicated to International Journal Computational Science [9] Osama S. Farag Allah, Abdul Hamid M. Ragib, and Nabil A. Ismali, "Enhancements and Implementation RC6 Block Cipher for Data Security", IEEE Catalog : 01CH37239, Published [10] Hossam El-din H. Ahmed, Hamdy M. Kalash, and Osama S. Farag Allah, "An Efficient Chaos-Based Feedback Stream cipher (ECBFSC) for Encryption and Decryption, Accepted for publication in An International Journal Computing and Informatics, [11] Hossam El-din H. Ahmed, Hamdy M. Kalash. And Osama S. Farang Allah, Encryption Effeciency Analysis and Security Evaluation RC6 Block Cipher for Digital s, International Journal Of Computer, Information, and System Science, and Engineering volume 1 number ISSN pp Krishnamurthy G N born on 15 th March 1974, at Davangere, India. He has applied for membership IAENG. He obtained his B.E. degree in Electronics & Communication Engineering from Kuvempu University in 1996 and M.Tech. degree in Computer Science & Engineering from Visveswaraya technological University, India in He is presently pursuing his Ph.D. from Visveswaraya Technological University, India under the guidance Dr. V Ramaswamy. He has published papers in national and international conferences, journals in the area Cryptography. After working as a lecturer (from 1997) he has been promoted to Assistant Pressor (from 2005), in the Department Information Science & Engineering, Bapuji Institute Engineering & Technology, Davangere, affiliated to Visveswaraya Technological University, Belgaum, India. His area interest includes Design and analysis Block ciphers. He is a life member Indian Society for Technical Education, India. Dr. V Ramaswamy obtained his Ph.D. degree from Madras University, in He has applied for the membership IAENG. He is working as Pressor and Head in the Department Information Science and Engineering. He has more the 25 years teaching experience including his four years service in Malaysia. He is guiding many research scholars and has published many papers in national and international conference and in many international journals and authored one book. He has visited many universities in USA and Malaysia. He is a life member Indian Society for Technical Education, India. 33

ON THE DESIGN OF S-BOXES A. F. Webster and S. E. Tavares Department of Electrical Engineering Queen's University Kingston, Ont. Canada The ideas of completeness and the avalanche effect were first introduced

The Data Encryption Standard (DES) As mentioned earlier there are two main types of cryptography in use today - symmetric or secret key cryptography and asymmetric or public key cryptography. Symmetric

The Advanced Encryption Standard (AES) All of the cryptographic algorithms we have looked at so far have some problem. The earlier ciphers can be broken with ease on modern computation systems. The DES

EXAM questions for the course TTM4135 - Information Security May 2013 Part 1 This part consists of 5 questions all from one common topic. The number of maximal points for every correctly answered question

6 Data Encryption Standard (DES) Objectives In this chapter, we discuss the Data Encryption Standard (DES), the modern symmetric-key block cipher. The following are our main objectives for this chapter:

HYBRID RSA-AES ENCRYPTION FOR WEB SERVICES AN IMPLEMENTATION OF HYBRID ENCRYPTION-DECRYPTION (RSA WITH AES AND SHA256) FOR USE IN DATA EXCHANGE BETWEEN CLIENT APPLICATIONS AND WEB SERVICES Kalyani Ganesh

Family Name:... First Name:... Section:... Advanced Cryptography Final Exam July 18 th, 2006 Start at 9:15, End at 12:00 This document consists of 12 pages. Instructions Electronic devices are not allowed.

International Journal of Computer Sciences and Engineering Open Access Research Paper Volume-4, Special Issue-2, April 216 E-ISSN: 2347-2693 An Experimental Study of the Performance of Histogram Equalization

Symmetric Crypto Pierre-Alain Fouque Birthday Paradox In a set of N elements, by picking at random N elements, we have with high probability a collision two elements are equal N=365, about 23 people are

Number Theory Divisibility and Primes Definition. If a and b are integers and there is some integer c such that a = b c, then we say that b divides a or is a factor or divisor of a and write b a. Definition

Randomly Encryption Using Genetic Algorithm ALI JASSIM MOHAMED ALI Department of physics, College of Science, Al-Mustansiriyah University, Baghdad, Iraq. SUMMARY In this research work a genetic algorithm

FPGA BASED HARDWARE KEY FOR TEMPORAL ENCRYPTION Abstract In this paper, a novel encryption scheme with time based key technique on an FPGA is presented. Time based key technique ensures right key to be

Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able to understand the contents of the transmitted message. Because eavesdroppers may intercept the message,

Developing and Investigation of a New Technique Combining Message Authentication and Encryption Eyas El-Qawasmeh and Saleem Masadeh Computer Science Dept. Jordan University for Science and Technology P.O.

Volume 3, Issue 10, October 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Provide the